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CLAIMS 

1 1 . A method for performing secured communications between a Voice Browser and 

2 a network device, said Voice Browser and network device exchanging VoiceXML-based 

3 Web content comprising the steps of: 

4 transmitting a request to the network device to establish a secured 

5 communication session between the Voice Browser and the network device; 

6 authenticating the network device; 

7 subsequent to said authentication, negotiating a shared secret between the 

8 network device and the Voice Browser; 

9 encrypting the VoiceXML-based Web content using said shared secret as an 
jl encryption key; 

ijij exchanging the encrypted VoiceXML-based Web content between the network 

*i device and the Voice Browser; and, 

m decrypting the VoiceXML-based Web content using said shared secret as a 

decryption key. 

1=4 2. The method of claim 1 , wherein said step of authenticating the network device 

;=l comprises the steps of: 

H transmitting a digital certificate from the network device to the Voice Browser, 

4 said digital certificate having a public key and a reference to a certificate authority; and, 

5 validating said certificate authority. 

1 3. The method of claim 2, wherein said digital certificate is an X.509-compliant 

2 digital certificate. 

1 4. The method of claim 1 , further comprising the step of authenticating the Voice 

2 Browser. 
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1 5. The method of claim 4, wherein said step of authenticating the Voice Browser 

2 comprises the steps of: 

3 transmitting a digital certificate from the Voice Browser to the network device, 

4 said digital certificate having a public key and a reference to a certificate authority; and, 

5 validating said certificate authority. 

1 6. The method of claim 5, wherein said digital certificate is an X.509-compliant 

2 digital certificate. 

1 7. The method of claim 2, wherein said step of authenticating the network device 

|| further comprises the step of challenging the network device. 

i : H 

m 8. The method of claim 5, wherein said step of authenticating the Voice Browser 

ji further comprises the step of challenging the Voice Browser. 

Q 9. The method of claim 7, wherein said step of challenging the network device 

j:£ comprises the steps of: 

'M encrypting a message using said public key contained in said digital certificate; 

M transmitting said encrypted message from the Voice Browser to the network 

5 device; 

6 decrypting said encrypted message using a private key corresponding to said 

7 public key; and, 

8 transmitting the decrypted message to the Voice Browser. 

1 10. The method of claim 8, wherein said step of challenging the Voice Browser 

2 comprises the steps of: 

3 encrypting a message using said public key contained in said digital certificate; 

4 transmitting said encrypted message from the network device to the Voice 
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5 Browser; 

6 decrypting said encrypted message using a private key corresponding to said 

7 public key; and, 

8 transmitting the decrypted message to the network device. 

1 11. The method of claim 1 , wherein said negotiating step comprises the steps of: 

2 generating a key for use in a symmetric cryptographic algorithm; 

3 encrypting said generated key with said public key; 

4 transmitting said encrypted key to the network device; and, 

5 decrypting said key in the network device with a private key corresponding to 
; I said public key. 

12. The method of claim 1 , wherein said negotiating step comprises the steps of: 
m generating a key for use in a symmetric cryptographic algorithm; 

y encrypting said generated key with said public key; 

j;| transmitting said encrypted key to the Voice Browser; and, 

!«6 decrypting said key in the Voice Browser with a private key corresponding to said 

M public key. 

1 13. The method of claim 1 , further comprising the steps of: 

2 exchanging a list of supported symmetrical cryptographic algorithms for the 

3 network device and the Voice Browser; 

4 selecting a symmetrical cryptographic algorithm from said list; and, 

5 performing said encrypting and decrypting steps using said selected symmetrical 

6 cryptographic algorithm. 

1 14. The method of claim 1 , wherein said Voice Browser is a VoiceXML Browser 

2 Server. 
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15. A method for performing secured communications in a Voice Browser comprising 
the steps of: 

transmitting a request from the Voice Browser to a network device for a secure 
communications session between the Voice Browser and the network device; 

receiving from the network device a digital certificate containing a public key and 
a reference to a certificate authority. 

authenticating the network device based on the digital certificate; 

subsequent to said authentication, negotiating a shared secret with the network 
device; 

encrypting data using said shared secret as an encryption key and transmitting 
said encrypted data to the network device; and, 

receiving encrypted Web content from the network device and decrypting the 
Web content using said shared secret as a decryption key. 

1 6. The method of claim 1 5, wherein said transmitting step further comprises the 
step of: 

transmitting to said network device a list of supported encryption algorithms for 
use in said encryption and decryption steps, 

said network device selecting an encryption algorithm from among said list. 

17. The method of claim 16, wherein said data is encrypted using said selected 
encryption algorithm and said Web content is decrypted using said encryption 
algorithm. 

18. The method of claim 15, wherein said digital certificate is an X.509-compliant 
digital certificate. 

19. The method of claim 15, wherein said Web content is a VoiceXML document. 
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20. The method of claim 19, wherein said Voice Browser is a VoiceXML Browser 
Server. 

21 . A machine readable storage, having stored thereon a computer program for 
performing secured communications between a Voice Browser and a network device, 
said Voice Browser and network device exchanging VoiceXML-based Web content, 
said computer program having a plurality of code sections executable by a machine for 
causing the machine to perform the steps of: 

transmitting a request to the network device to establish a secured 
communication session between the Voice Browser and the network device; 
authenticating the network device; 

subsequent to said authentication, negotiating a shared secret between the 
network device and the Voice Browser; 

encrypting the VoiceXML-based Web content using said shared secret as an 
encryption key; 

exchanging the encrypted VoiceXML-based Web content between the network 
device and the Voice Browser; and, 

decrypting the VoiceXML-based Web content using said shared secret as a 
decryption key. 

22. The machine readable storage of claim 21 , wherein said step of authenticating 
the network device comprises the steps of: 

transmitting a digital certificate from the network device to the Voice Browser, 
said digital certificate having a public key and a reference to a certificate authority; and, 
validating said certificate authority. 

23. The machine readable storage of claim 22, wherein said digital certificate is an 
X.509-compliant digital certificate. 
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24. The machine readable storage of claim 21 , for further causing the machine to 
perform the step of authenticating the Voice Browser. 

25. The machine readable storage of claim 24, wherein said step of authenticating 
the Voice Browser comprises the steps of: 

transmitting a digital certificate from the Voice Browser to the network device, 
said digital certificate having a public key and a reference to a certificate authority; and, 
validating said certificate authority. 

26. The machine readable storage of claim 25, wherein said digital certificate is an 
X.509-compliant digital certificate. 

27. The machine readable storage of claim 22, wherein said step of authenticating 
the network device further comprises the step of challenging the network device. 

28. The machine readable storage of claim 25, wherein said step of authenticating 
the Voice Browser further comprises the step of challenging the Voice Browser. 

29. The machine readable storage of claim 27, wherein said step of challenging the 
network device comprises the steps of: 

encrypting a message using said public key contained in said digital certificate; 
transmitting said encrypted message from the Voice Browser to the network 
device; 

decrypting said encrypted message using a private key corresponding to said 
public key; and, 

transmitting the decrypted message to the Voice Browser. 

30. The machine readable storage of claim 28, wherein said step of challenging the 
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Voice Browser comprises the steps of: 

encrypting a message using said public key contained in said digital certificate; 

transmitting said encrypted message from the network device to the Voice 
Browser; 

decrypting said encrypted message using a private key corresponding to said 
public key; and, 

transmitting the decrypted message to the network device. 

31 . The machine readable storage of claim 21 , wherein said negotiating step 
comprises the steps of: 

generating a key for use in a symmetric cryptographic algorithm; 
encrypting said generated key with said public key; 
transmitting said encrypted key to the network device; and, 
decrypting said key in the network device with a private key corresponding to 
said public key. 

32. The machine readable storage of claim 21 , wherein said negotiating step 
comprises the steps of: 

generating a key for use in a symmetric cryptographic algorithm; 
encrypting said generated key with said public key; 
transmitting said encrypted key to the Voice Browser; and, 
decrypting said key in the Voice Browser with a private key corresponding to said 
public key. 

33. The machine readable storage of claim 21 , for further causing the machine to 
perform the steps of: 

exchanging a list of supported symmetrical cryptographic algorithms for the 
network device and the Voice Browser; 
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5 selecting a symmetrical cryptographic algorithm from said list; and, 

6 performing said encrypting and decrypting steps using said selected symmetrical 

7 cryptographic algorithm. 

1 34. The machine readable storage of claim 21 , wherein said Voice Browser is a 

2 VoiceXML Browser Server. 

1 35. A machine readable storage, having stored thereon a computer program for 

2 performing secured communications in a Voice Browser, said computer program having 

3 a plurality of code sections executable by a machine for causing the machine to 
J ^ perform the steps of: 

j fl transmitting a request from the Voice Browser to a network device for a secure 

i;§ communications session between the Voice Browser and the network device; 
m receiving from the network device a digital certificate containing a public key and 

; y a reference to a certificate authority. 

Q authenticating the network device based on the digital certificate; 

M> subsequent to said authentication, negotiating a shared secret with the network 

'it device; 

Q encrypting data using said shared secret as an encryption key and transmitting 

13 said encrypted data to the network device; and, 

14 receiving encrypted Web content from the network device and decrypting the 
is Web content using said shared secret as a decryption key. 

1 36. The machine readable storage of claim 35, wherein said transmitting step further 

2 comprises the step of: 

3 transmitting to said network device a list of supported encryption algorithms for 

4 use in said encryption and decryption steps, 

5 said network device selecting an encryption algorithm from among said list. 
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37. The machine readable storage of claim 36, wherein said data is encrypted using 
said selected encryption algorithm and said Web content is decrypted using said 
encryption algorithm. 

38. The machine readable storage of claim 35, wherein said digital certificate is an 
X.509-compliant digital certificate. 

39. The machine readable storage of claim 35, wherein said Web content is a 
VoiceXML document. 

40. The machine readable storage of claim 39, wherein said Voice Browser is a 
VoiceXML Browser Server. 
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